According to Sharma, NIELIT, spread across 32 locations in the country with 600 team members focusing on capacity building activities in the northeastern region, will now expand to other regions.

Experts say the decision to select the Maharashtra Police Department as a pilot follows the State Chief Minister Devendra Fadnavis's initiative to grant additional resources to the state police to tackle cybercrime. While setting up a regional CERT office in Mumbai and special courts to handle the state's cybercrime cases is a priority, enhancing the capacity of the cyber police station and cyber cell in Mumbai is a need.

However, law enforcement experts say that although there are good cyber laws to support investigations, there is a need for training and effective tools to handle forensics and some of the specifics of cyber investigations.

Action Plan

According to Sharma, NIELT will leverage its trained resources to take up skills-building. "We have five master trainers (trained by U.S. CERT) who have imparted training to over 1000 professionals across these locations," he says. "These trained professionals represent teams from police departments, security practitioners from various government organizations and other professionals working across various sectors."

"The training will be across three levels based on the background of the official and includes personnel from CBI, anti-corruption bureau, special crime branch and others," Sharma says.

Asked about the training modules and the structure of the training program, Sharma reiterates, "I have just got instruction from the IT secretary to roll out the program, and I will work out a mechanism to put a structure in place on the modus operandi of the training program."

Dr. Singh says, "There are more generalists in the police department who lack knowledge about information security, as they are not from a computers background. Currently, NIELIT must focus on cyber forensic training capabilities, as police personnel struggle to carry out investigation process after the cybercrime is registered."

Thiruvananthapuram-based N Vinayakumaran Nair, Assistant Commandant of Police, Hi-Tech Crime Enquiry Cell, police headquarters says, "There is good support for cybercrime teams on cyber law, but cyber investigation skills must be strengthened, as [police] are not tech savvy."

What is Needed?

Singh says there must be three levels of training - at the sub inspector level, superintendent of Police cadre and at the IPS level, if the department is to develop the capabilities to tackle cybercrime and attacks.

"They training modules should include legal aspects including the IT Act, IP Act, and more important, establish a process of information sharing in real-time," maintains Singh.

Experts say each module should be designed to include two months' training to get a grip on the real skills needed.

Nair says police must be trained to understand the nuances of technology and its operations in tackling cyber threats.

Cyber experts stress that the police should be trained to understand that cybersecurity cannot be viewed in the same manner as other law enforcement activities, and this big push must be carefully planned.

"While it is too early to detail the exact plan of action, we will work out an effective public private partnership model to rope in trainers from the private sector and partner with bodies like NSDC and others to build skills," Sharma says.

"We will focus on three aspects of capacity building - designing the module, developing the necessary framework with effective tools and coming out with an implementation plan," Sharma says.

About the Author

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;